#---
# Source: prometheus-node-exporter/templates/psp.yaml
# apiVersion: policy/v1beta1
# kind: PodSecurityPolicy
# metadata:
#   name: node-exporter-prometheus-node-exporter
#   namespace: node-exporter
#   labels:     
#     helm.sh/chart: prometheus-node-exporter-4.3.0
#     app.kubernetes.io/managed-by: Helm
#     app.kubernetes.io/component: metrics
#     app.kubernetes.io/part-of: prometheus-node-exporter
#     app.kubernetes.io/instance: node-exporter
#     app.kubernetes.io/name: prometheus-node-exporter
#     app.kubernetes.io/version: "1.3.1"
# spec:
#   privileged: false
#   # Allow core volume types.
#   volumes:
#     - 'configMap'
#     - 'emptyDir'
#     - 'projected'
#     - 'secret'
#     - 'downwardAPI'
#     - 'persistentVolumeClaim'
#     - 'hostPath'
#   hostNetwork: true
#   hostIPC: false
#   hostPID: true
#   hostPorts:
#     - min: 0
#       max: 65535
#   runAsUser:
#     # Permits the container to run with root privileges as well.
#     rule: 'RunAsAny'
#   seLinux:
#     # This policy assumes the nodes are using AppArmor rather than SELinux.
#     rule: 'RunAsAny'
#   supplementalGroups:
#     rule: 'MustRunAs'
#     ranges:
#       # Allow adding the root group.
#       - min: 0
#         max: 65535
#   fsGroup:
#     rule: 'MustRunAs'
#     ranges:
#       # Allow adding the root group.
#       - min: 0
#         max: 65535
#   readOnlyRootFilesystem: false
---
# Source: prometheus-node-exporter/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: node-exporter-prometheus-node-exporter
  namespace: node-exporter
  labels:     
    helm.sh/chart: prometheus-node-exporter-4.3.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: metrics
    app.kubernetes.io/part-of: prometheus-node-exporter
    app.kubernetes.io/instance: node-exporter
    app.kubernetes.io/name: prometheus-node-exporter
    app.kubernetes.io/version: "1.3.1"
  annotations:
    {}
imagePullSecrets:
  []
---
# Source: prometheus-node-exporter/templates/psp-clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: psp-node-exporter-prometheus-node-exporter
  labels:     
    helm.sh/chart: prometheus-node-exporter-4.3.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: metrics
    app.kubernetes.io/part-of: prometheus-node-exporter
    app.kubernetes.io/instance: node-exporter
    app.kubernetes.io/name: prometheus-node-exporter
    app.kubernetes.io/version: "1.3.1"
rules:
- apiGroups: ['extensions']
  resources: ['podsecuritypolicies']
  verbs:     ['use']
  resourceNames:
  - node-exporter-prometheus-node-exporter
---
# Source: prometheus-node-exporter/templates/psp-clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: psp-node-exporter-prometheus-node-exporter
  labels:     
    helm.sh/chart: prometheus-node-exporter-4.3.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: metrics
    app.kubernetes.io/part-of: prometheus-node-exporter
    app.kubernetes.io/instance: node-exporter
    app.kubernetes.io/name: prometheus-node-exporter
    app.kubernetes.io/version: "1.3.1"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp-node-exporter-prometheus-node-exporter
subjects:
  - kind: ServiceAccount
    name: node-exporter-prometheus-node-exporter
    namespace: node-exporter
---
# Source: prometheus-node-exporter/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: node-exporter-prometheus-node-exporter
  namespace: node-exporter
  labels:     
    helm.sh/chart: prometheus-node-exporter-4.3.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: metrics
    app.kubernetes.io/part-of: prometheus-node-exporter
    app.kubernetes.io/instance: node-exporter
    app.kubernetes.io/name: prometheus-node-exporter
    app.kubernetes.io/version: "1.3.1"
  annotations:
    prometheus.io/scrape: "true"
spec:
  type: ClusterIP
  ports:
    - port: 9100
      targetPort: 9100
      protocol: TCP
      name: metrics
  selector:    
    app.kubernetes.io/instance: node-exporter
    app.kubernetes.io/name: prometheus-node-exporter
---
# Source: prometheus-node-exporter/templates/daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-exporter-prometheus-node-exporter
  namespace: node-exporter
  labels:     
    helm.sh/chart: prometheus-node-exporter-4.3.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: metrics
    app.kubernetes.io/part-of: prometheus-node-exporter
    app.kubernetes.io/instance: node-exporter
    app.kubernetes.io/name: prometheus-node-exporter
    app.kubernetes.io/version: "1.3.1"
spec:
  selector:
    matchLabels:      
      app.kubernetes.io/instance: node-exporter
      app.kubernetes.io/name: prometheus-node-exporter
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:         
        helm.sh/chart: prometheus-node-exporter-4.3.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: metrics
        app.kubernetes.io/part-of: prometheus-node-exporter
        app.kubernetes.io/instance: node-exporter
        app.kubernetes.io/name: prometheus-node-exporter
        app.kubernetes.io/version: "1.3.1"
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
    spec:
      automountServiceAccountToken: false
      serviceAccountName: node-exporter-prometheus-node-exporter
      securityContext:
        fsGroup: 65534
        runAsGroup: 65534
        runAsNonRoot: true
        runAsUser: 65534
      containers:
        - name: node-exporter
          image: quay.io/prometheus/node-exporter:v1.3.1
          imagePullPolicy: IfNotPresent
          args:
            - --path.procfs=/host/proc
            - --path.sysfs=/host/sys
            - --path.rootfs=/host/root
            - --web.listen-address=[$(HOST_IP)]:9100
          env:
          - name: HOST_IP
            value: 0.0.0.0
          ports:
            - name: metrics
              containerPort: 9100
              protocol: TCP
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /
              port: 9100
              scheme: HTTP
            initialDelaySeconds: 0
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /
              port: 9100
              scheme: HTTP
            initialDelaySeconds: 0
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources:
            {}
          volumeMounts:
            - name: proc
              mountPath: /host/proc
              readOnly:  true
            - name: sys
              mountPath: /host/sys
              readOnly: true
            - name: root
              mountPath: /host/root
              mountPropagation: HostToContainer
              readOnly: true
      hostNetwork: true
      hostPID: true
      tolerations:
        - effect: NoSchedule
          operator: Exists
      volumes:
        - name: proc
          hostPath:
            path: /proc
        - name: sys
          hostPath:
            path: /sys
        - name: root
          hostPath:
            path: /
